Signed responses #621
let derivation_path = format!("{EPSILON_DERIVATION_PREFIX}{},{}", predecessor_id, path); | ||
let mut hasher = Sha256::new(); | ||
hasher.update(derivation_path); | ||
let mut bytes = hasher.finalize(); |
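Review bot: the derived key depends byte-for-byte on the string built on the first line (`EPSILON_DERIVATION_PREFIX`, then `predecessor_id`, a comma, then `path`), so any later change to this format silently changes every caller's derived key; suggest documenting the format as stable next to the prefix constant and adding a test that pins a known (predecessor_id, path) pair to its expected hash.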
Consider native near_sdk::env::sha256 instead of wasm-side sha256, to be more efficient?
Will do
anyhow::bail!("cannot use either recovery id (0 or 1) to recover pubic key") | ||
} | ||
|
||
// #[cfg(not(target_arch = "wasm32"))] |
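Review bot: the error message on the first line reads "pubic key"; it should say "public key". The commented-out `// #[cfg(not(target_arch = "wasm32"))]` on the last line should be deleted rather than left as a comment, since a dead attribute in the source invites someone to re-enable it later.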
This and the `// #[cfg(target_arch = "wasm32")]`
conditional compilation seem unnecessary, as near-sdk handles mocking of ecrecover etc. in the non-wasm case (by importing vmlogic from nearcore): https://github.com/near/near-sdk-rs/blob/master/near-sdk/src/environment/mock/mocked_blockchain.rs
Ah excellent point
Do you mind if I move this to the next PR? The merge conflicts are killing me
So the contract code can inherit it (also maybe include this in a client library later?)
It's not working with the CI
Great work @DavidM-D !
let mut hasher = Sha256::new(); | ||
hasher.update(derivation_path); | ||
let mut bytes = hasher.finalize(); | ||
// Due to a previous bug in our Scalar conversion code, this hash was reversed, we reverse it here to preserve compatibility, but will likely change this later. |
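Review bot: the reversal described in the comment on the last line keeps an old bug alive for compatibility, which is exactly the kind of behaviour that becomes hard to remove once callers depend on it; suggest isolating it in a single named helper whose comment references the tracked issue, so that dropping it later is a one-line, versioned change rather than a hunt through the hashing code. The comment should also state which consumers rely on the reversed order.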
What is the reason for postponing this breaking change? Isn't now the best time to do it?
I'm just trying to break up this PR a bit, I'll get it through before the 0.3.0 release
let payload_hash_scalar = k256::Scalar::from_bytes(&payload_hash); // TODO: why do we need both reversed and not reversed versions? | ||
let mut payload_hash_reversed: [u8; 32] = payload_hash; | ||
payload_hash_reversed.reverse(); | ||
payload_hash.reverse(); |
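Review bot: after the last line, `payload_hash` and `payload_hash_reversed` hold identical bytes, so the second variable is redundant and its name is misleading; only `payload_hash_scalar` on the first line was built from the original byte order. Suggest keeping a single reversed copy with a name that says so, and replacing the TODO on the first line with the explanation given in the thread: the big_r and s test vectors were generated by an older commit against the reversed hash.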
We are still reversing the hash here.
This code was and still is a bit of a mess.
Previously converting a Scalar to bytes reversed the bytes and converted to a Scalar.
The big_r and s values were generated using chain signatures from an older commit, therefore the signature is generated against a reversed hash.
You now have to reverse the bytes to generate the same Scalar and therefore Signature and this tests that. I'll write a comment to this effect, after this change has rolled out we should update this test using new values.
match self { | ||
Self::V0(mpc_contract) => mpc_contract.pending_requests.get(request), | ||
} | ||
} | ||
|
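Review bot: this accessor returns a pending request through the versioned wrapper, but the hunk does not show whether it is part of the contract's public view interface or only a test helper; if the latter, gate it with `#[cfg(test)]` or say so in a doc comment, because a public view method becomes API that cannot be removed without a breaking change.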
Do we need this?
@@ -70,36 +73,53 @@ impl Default for VersionedMpcContract { | |||
} | |||
} | |||
|
|||
#[derive(BorshDeserialize, BorshSerialize, Serialize, Deserialize, Debug, Clone)] | |||
pub struct SignatureRequest { |
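Review bot: `SignatureRequest` is introduced with no doc comment, and the thread shows it is easily confused with `SignRequest`; add a doc comment on the struct stating that it carries the data the signing protocol needs (as opposed to the request payload sent to the contract), and consider names that make that distinction visible at the call site.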
Why do we need SignatureRequest and SignRequest? Can we use 1 struct?
SignatureRequest describes all the information about a request required by the signing protocol, SigRequest is the structure of the request sent to the contract, so they're different. That being said, we can probably come up with better names.
We can merge this to avoid future conflicts and unblock yield/resume. Great contribution!
* Moved kdf out of the node. So the contract code can inherit it (also maybe include this in a client library later?)
* Migrated contract over to using API with context
* Fix test imports
* Successfully merged into Phuong's mega PR
* Builds with signature verification
* Working tests with a compatible API
* All tests pass (with spurious reversing)
* Test rogue responses fail
* Generate recovery ID on node
* Switched to use native near function to verify sig
* Cleanup
* Removed Multichain Signature type
* Add missing import in wasm builds
* Added a changelog explaining the API changes
* Cleanup comments
* Move into_eth_sig back up the dep tree
* Migrate recovery ID functions up the tree
* Clippy fix
* Do the native function in a separate PR. It's not working with the CI
* Fix fmt
* Clippy fixes
* Compiling after rebase
* Update contract/src/lib.rs. Co-authored-by: Serhii Volovyk <[email protected]>
* Fixed types and removed unneeded type
* Simplify API
* Shrink diff
* Comment explaining the mad test
---------
Co-authored-by: Serhii Volovyk <[email protected]>
Make the smart contract verify that the responses we're getting back from the nodes are valid.
A large part of the change is moving dependencies into crypto_shared so they can be used in the contract for verification.
This has a breaking change in that payloads are no longer little endian and are big endian (standard in our industry).
A subsequent PR will: